Two Android File Management Spyware Apps Transfer Sensitive User Data to China

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a recent discovery, security researchers identified two spyware apps disguised as file management applications on the Google Play store. With more than 1.5 million combined installations, the applications are said to affect a large number of Android users worldwide.

Attributed to the same developer, the applications automatically launch without any user input to exfiltrate sensitive user data.

The applications are identified as "File Recovery and Data Recovery (com.spot.music.filedate)", which shows over a million installations, and "File Manager (com.file.box.master.gkd)", which has been installed over 500,000 times.

According to the mobile security company Pradeo, the applications claim that no user data is collected. However, the company's behavioral analysis engine discovered that, without the users' knowledge, these applications collect information such as real-time location, contact lists (including those from email and social media accounts), mobile country code, network provider details, device brand and model, operating system version, network code of the SIM provider, and media files including pictures, audio, and video content.

"Specifically, each application performs more than a hundred transmissions of the collected data, an amount that is so large it is rarely observed," noted Pradeo. The stolen data is transferred to various servers in China, which have been identified as malicious by security experts.

Furthermore, to establish their legitimacy, the app developers seem to have used install farms or mobile device emulators to boost the install numbers and the apps' ranking in the store's search results. This theory from Pradeo can be proven, as both apps have a large user population but no user reviews.

To make matters worse, both apps secure advanced user permissions that allow them to launch automatically when the device restarts. They also make uninstallation difficult by hiding their icons from the home screen.

In light of this discovery, it is essential that users check for reviews before installing any application and thoroughly vet the permissions before accepting them. It is also recommended to install applications from trustworthy developers and organizations.

Razer Investigates Hacker’s Claims of Breach and Data Theft

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

A threat actor has claimed to have breached and stolen data from the gaming hardware company Razer Inc. On being made aware of the claim, the American-Singapore technology company announced, in a short statement on Twitter, an investigation into the potential hacking incident.

The alleged incident came to light on July 7, 2023, when a user on a hacker forum offered the stolen data for $100,000 in Monero cryptocurrency. The data includes encryption keys, source code, and backend access credentials to the company's main website and products. According to the seller's post, there are no restrictions or exclusivity regarding a buyer. Any interested party can contact the seller for the complete data set at the stated price, which is open for negotiation.

To authenticate the data breach claims, the hacker also shared screenshots containing file trees, email addresses of users with Razer Gold accounts, API details, information associated with its reward system, and more. The seller claims to have access to 404,000 accounts. However, the claims about the stolen data are yet to be verified.

Cybersecurity researchers at FalconFeedsio were the first to spot the post and shared it with the company and, in a tweet, with the public as well.

Although Razer has not confirmed the hacking incident, it has announced that the necessary containment measures have been adopted, including securing its network, resetting member accounts, and requesting users to reset their passwords. The company also stated that the relevant authorities would be informed upon conclusion of the investigation.

Earlier, in 2020, Razer experienced a third-party-related security breach that exposed 100,000 customers' data. The accidentally exposed data included names, phone numbers, billing and shipping details, email addresses, and IDs of its customers.

With 19 offices worldwide, Razer is one of the leading gaming gear companies in the world. In 2021, the company posted a revenue of $1.62 billion.